Helpful Information
 
 
Category: Client side development
Restrict Printing and Text Copy

I am trying to accomplish two things and am pretty sure JavaScript is the tool to do it, but don't know how.

1) I am trying to disable a page from being printed and
2) I am trying to disable the ability to copy and paste text or images from the web page.

I would appreciate any assistance that I could get with this task.

Thank you in advance,
Brian

Sorry, Javascript does not have this ability.

You can *try* this for IE:

<body onbeforeprint="return false" onprint="return false" onbeforecopy="return false" oncopy="return false" onbeforecut="return false" oncut="return false">

I personally wouldn't like a site preventing me from copying text or disabling my ability to print it.

Of course, all that is needed is to disable Javascript to copy and print anyway.

I'm with JKD on this'un. I spend countless hours online every day, and well, after a while I need to 'keep my place' while reading. How do I do it? I highlight each word as I read it so eventually I've got a good half a page highlighted.

Most 'copy prevention' methods disable highlighting, as well. And well, I don't like that. :(

Not that you should ditch the idea just for me. Just saying, I'm sure I'm not the only one. Or maybe I'm a freak, and I am a freak, who knows. :D

Jer!

I am in agreement with you guys on it being annoying to not allow copying etc, but I am on a project where they are concerned about someone taking some published information, editing it, and then trying to come back and sue saying we gave them bad information.

If that is the case, Excel, then you need something much more robust, you need it to be bulletproof, not relying on browser or he said she said kind of stuff.

You need to look into Version Control systems which allow you to show exactly what was on your site at any time in the past, when and if anything changed, and various other things. A lot of CMS suites are actually just Version Control programs (Interwoven the horrible being a prime example)

Here is a no text select script:

<script language="JavaScript1.2">

//Disable select-text script (IE4+, NS6+)

function disableselect(e){
return false
}

function reEnable(){
return true
}

//if IE4+
document.onselectstart=new Function ("return false")

//if NS6
if (window.sidebar){
document.onmousedown=disableselect
document.onclick=reEnable
}
</script>

And this is a No right Click script:

<script language=JavaScript>
<!--

//Disable right click script

var message="";
///////////////////////////////////
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

document.oncontextmenu=new Function("return false")
// -->
</script>

try those out

Resistance is futile. Like Feyd says you will have to look into other options if your end goal is just to cover your butt. NO matter what you do to a page dispalyed in a brwoser there is always a way to get around it.

Using JavaScript to "disable" certain functionality within a page can be circumvented in several ways.

I can't wait untill the FAQ page is up and running.

Thank you SteveKitz for the scripts. Again, I am in agreement with most of the comments about versioning and non-bulletproof systems. We are using Oracle Portal, which does allow for versioning, but I have spent too much time already trying to convince the high ups about the security they do not see.

Get this, this is a corporate intranet site, only accessable with a VPN or from on our network. The stores that have the ability to connect are using a machine we built which is locked down to the point that they cannot save information to thier hard drive, and temp directories are deleted when the computer is rebooted, so if a machine is stolen, nothing is saved. The do not have e-mail, they do not have a floppy drive, and yet, that is not secure enough. The information we are putting out, used to be sent to the stores on paper and kept in notebooks in the back room. Anyone could take it or copy it.

Anyway, not that anyone cares about all of this, I just appreciate the help and responses you guys gave.

Thanks,
Brian

I would like to be able to disable the print option, through anymeans necesarry, I'm developing an internal web-site, and some users may be able to view a document, but not have the print options. I've been going over this all day. Is there a way to cancel a print request in the onbeforeprint. I've tried everything posted here so far with no results.

Regarding your worry, that someone might modify the document - if I'm not mistaken all you need to do is save the document in UNmodified form - keep track of any changes by perhaps adding a datestamp to the filename.

A check of the last modified date of the document(s) in question would reveal whether the document was taken and modified at a later date - wouldn't it?

Okay this is the best that I've come up with, and maybe it will help others even though it doesn't exactly pertain to Javascript. but with the link tag you can do this

<head>
<link rel=alternate media=print href="blank.htm">
</head>

Anytime someone wants to print it prints the blank.htm instead. I know this works in IE 6, don't know about N6

*sigh* - you can't stop people from printing/copying/viewing source code...

I could still save the page from my temporary internet files, and take out the code you posted above... and just take the text as is.

There isn't ANY way around that. Period. (Not if you want the page to display in a browser, at any rate...)

Well the people that this is for aren't that computer literate, so hopefully if I diable right click and remove the menu bar, that they won't see those options. Thanks for all the help guys.

Most of my users are in the illiterate category as well, but security is security, and underestimating your audience is not a good idea.

As far as what can and can't be done, it is possible to combine all of the security restrictions that have been posted here and encrypts the page as well. My web searches found a program called Web Protecter 2.0, at http://www.protecthtml.com/ that supposedly accomplishes exactly what I am looking for. I think it is only $50 but I am interested to know what it is doing to accomplish the goal. I think it is opening the page in some java or JavaScript window that encrypts it, but I am not sure. I will probably just get the program, but I am really intrigued as to how this is working.

Does anyone have experience with this program?

Well I've downloaded and tested the program. It works all well and good with HTML files, but there isn't support for ASP or the new .NET ASPX, Good program all around especially with the source encryption. If anyone knows how to do this with java that would be great.

Originally posted by Tollman
Well I've downloaded and tested the program. It works all well and good with HTML files, but there isn't support for ASP or the new .NET ASPX, Good program all around especially with the source encryption. If anyone knows how to do this with java that would be great.

It's a real shame when a program costs $50, and I type this in my location bar:

javascript:document.documentElement.outerHTML.replace(/</g,'&amp;lt;')

And I get all the source the webmaster just payed $50 to protect....

Well what you could do is :

Use php (or some other language which lets you create images) to create an image with all the page info on it.
Disable right clicking and printing to stop people saving the image
Disable cut and pasting to stop people copy the image.
Use an iframe which would change the same image (after it loaded) to a blank image so that even if the viewer gets the url of the image he will see a totally blank stuff.

The risks are that the user could access the source of the page who is still not processed by php or that he uses some program to take a screen shot... and they might be a few others

The code would be complicated though but if you realllly care about security.

can you not use adobe PDF files? You can open them seamlessly in IE, and printing is disabled as well as highlighting - so no copy and paste :)

Originally posted by jkd


It's a real shame when a program costs $50, and I type this in my location bar:

javascript:document.documentElement.outerHTML.replace(/</g,'&amp;lt;')

And I get all the source the webmaster just payed $50 to protect....

Are you using Netscape to do this, because even when I use IE it's still fairly garbled. Does Netscape handle this differently?

Netscape doesn't support the proprietary outerHTML, if I wanted to use Gecko, this completely undoes any encryption on their sample pages:

javascript:unescape((new XMLSerializer()).serializeToString(document).replace(/</g, '&amp;lt;'))

Just save that as a bookmark in Moz 1.0. Now I can decode any page source in 2 mouse clicks.

Pretty ridiculus that they would consider selling that for $50.

I agree that there encryption schema pretty much sucks, but there has to be a better way of protecting source, is there a way to disable the open URL function you know Ctrl-O in IE. If you could do that, then got rid of the menu, so you couldn't access favorites, and then get rid of the location bar, and then you couldn't enter in the javascript, right? Just a thought, what are your thoughts.

I look at the page that opens a new window with all my stuff disabled, and look at the url it opens it too. I then open the url in my own window. Then two mouse clicks.

Or, if they decided to be annoying, I save the url onto my hard drive, and remove any stuff that is making it more difficult to grab the source.

You can't protect your source, and half the time with people who try protecting their source, a lot of the source isn't even their's, rather just some copy and paste scripts.

Okay, well I guess that I'll just have to make it as secure as I can and hope for the best then. None of the people that are going to be accessing this information will have the knowledge that you do, so for them to do this would be very difficult, and since it's an internal sight the outside won't have access to the information, so it should be fairly safe. Thanks for all your help though

Yes, Adobe is what we are currently using, but it is just slower to open than a web page would be. I agree with Tollman on the fact that I doubt that any of our users will be one one millionth as knowledgeable about Javascript but I'm sure a competitor could hire a crack programmer to do it after they got access into the VPN somehow.

I guess the search is still on, if anyone decides to write a program or code snippit that would accomplish this, please let me know, I can't promise how much, but I am 100% sure there would be some money in it from us. (we'd probably hire jkd to try and hack it though)

Heh... yeah one of our members cracked it in less than 5 minutes, if I recall. ;)

Originally posted by whammy
Heh... yeah one of our members cracked it in less than 5 minutes, if I recall. ;)

Several of us did.

If the 2 links I displayed above don't work for some reason or another, many times the source can be decrypted by calling the function used to encrypt it simply one more time ;).
Which is why (I remember this instance) most of us had the complete source within a few minutes.

http://www.protecthtml.com/product/wp/sample11.htm is an example of their "encryption." I can break that accidentally, I can break that in my sleep, with a headache, hangover and a ingrown nail...that isn't even encryption. And it is also on the verge of going into false advertising/business claims (when is the FCC ever going to look towards conmpanies like these...)

Also note that schemes like this often dramatically increase your page size...and also realize that anything the browser displays has to be able to be understood by the browser...I can't come up with my own reso encyrption and expect the browser to decode it for me, because the browser deals with readable text, not machine language which would be where real encryption is bordering. I'd have to write a plugin that the browser can use in order to display my neato-keen page...(hey, that sounds like shockwave or quictime plugins, don't it? Yes--kinda). If the browser can see it, no matter what the source looks like, it can be stolen/manipulated/whatever...easily.

In case anyone was interested I have come as close to accomplishing this is possible. This is mainly a result of using some of the functionality of PL/SQL and our Oracle Portal system, but I would think it could work in other 'worlds' as well.

Basically I have created a procedure that serves two purposes. 1)writes the users session and database request to a table.
2)builds a frameset, calling additional procedures for the sources of both frames.

The 'main frame' procedure, retrieves the variables from the table and then deletes them. This set up forces the user to call the frame page to view the content, because the framed procedure cannot operate on its own.

I have created my own context menu to display in IE, which does not have the view source option. View source in the browser obviously returns the source of the frameset. I have disabled the right click in Netscape. I have used the no-cache tag in the HTML to keep the information from being cashed. I have blocked text cut and copy from the page. Since the page is being generated by our Portal, if they disable scripting, then nothing is viewable.

So, as far as I can tell, the only way to view the source is with the menu keyboard command in netscape, (which would only work once in my tests for some reason), and the only way to copy the information is to do a print screen, which there is no way to prevent.

So anyway... just wanted to post this incase anyone either has a solution for the print screen function, or if there is some glaring omission that you could point out to me.

Among the other techniques you can use:



<html>
<head>
<title>Testing</title>
<style>
@media print { body {visibility: hidden;}}
</style>
<script>
</script>
</head>
<body>
<h1>Test Page</h1>
<form>
</form>
<script>
</script>
</body>
</html>


Try printing that page :D . If you've got enough things on your page that should prevent printing then that fact alone should give you a lot of ammunition to come back on someone who carries up a copy of the page regardless of whether they managed to alter any of the content or not.

A note on trying to protect source:

If there ever is a way to completely protect source in every way, people can just go to validator.w3.org and type in the URL. Then "Show Source". Pretty simple. :D

It is possible to hide the source code. It is just that most people are not aware of it. However, it is only really useful for pages that you do not need to be indexed by Google etc.

The method is to have a content area determined by a div tag. Give this tag an id parameter and you are away.

The content would be delivered using AJAX (simple javascript function).

Search google and you will find plenty of information.

Yes, of course someone can disassemble the javascript function that contains paths to the content. However, all you need to do is just encrypt that small function and you are away.

This beats the PNG method anyway!

<span onclick="return false">your texts here</span>










privacy (GDPR)